We as humans are either processing someone else’s personal information for a “purpose” or;
Our information gets processed by someone else for a “purpose”.
Question is do we as “individuals” and others as “group of individuals” (representing single or multiple entities) understand the “basics” of processing personal data.
i.e the principles.
Article 5, of European Union General Data Protection Regulation states
Principles relating to processing of personal data
In simpler terms
“Ask” the right questions as individuals;
Answer them as an organisation.
Why do you need my personal data? Identify the “right” purpose.
(Organisation) For; employment, banking, health, travel, business etc.
How will you process my personal data? Identify the machinery
(Organisation)Through automated decision-making technology, software and systems designed, developed and maintained by humans for generating an output.
“serving the right purpose for personal data processing”
Where will my personal data be stored? Identify data retention timeline and purpose.
(Organisation) Notify; the personal data storage jurisdiction and location; data retention time-line and purpose to store and process.
How secure is my personal data? Identify technology and human security mechanisms.
(Organisation) Prove; efforts to showcase and validate internal organisational security procedures; notices; provision of data backup during any known or unknown incidents (cyber-attacks – eg: ransomware)
Yes, data is the new oil; but do we have the resources to define and protect our personal data sovereignty.
More from Personal Data
Professional and knowledge sharing platforms have shifted from media to social media. Everyone everywhere is talking about EU-GDPR applicability in organisations …